[openssl-users] Privacy considerations - identity hiding from eavesdropping in (D)TLS
Viktor S. Wold Eide
viktor.s.wold.eide at gmail.com
Fri Aug 21 07:58:32 UTC 2015
Hi,
When using openssl to establish an authenticated DTLS 1.2 connection,
certificates for both the client and the server are sent in cleartext
during the handshake. From what I understand, this is a protocol issue, for
example addressed in the draft: "Transport Layer Security (TLS) Encrypted
Handshake Extension, draft-ray-tls-encrypted-handshake-00" (expired in
2012).
Are there any recommended ways to avoid certificates being sent in
cleartext? That is, to first establish an anonymous encrypted channel, and
then to authenticate within the encrypted channel.
I am also aware of some of the work in progress on TLS 1.3. It would be
helpful to understand what is reasonable to expect from the changes
introduced in (D)TLS 1.3 in this respect.
Best regards
Viktor S. Wold Eide
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150821/f07ce171/attachment.html>
More information about the openssl-users
mailing list